$ openssl genrsa 2048 key.pem
$ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad ab...@visolve.com wrote:
Could you please provide me the steps for creating a self signed
certificate meeting the current FIPS standard ?
Thank you for
I have tried this, but i still get the same error.
Following are the steps that i used before to generate the key and
certificate :
$openssl genrsa -out my_key.key 2048
$openssl pkcs8 -v1 PBE-SHA1-3DES -topk8 -in my_key.key -out localhost.key
$openssl req -new -key localhost.key -out
Signed-off-by: Ruoyu lian...@ucweb.com
---
crypto/dso/dso_beos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/dso/dso_beos.c b/crypto/dso/dso_beos.c
index 553966e..b5e8084 100644
--- a/crypto/dso/dso_beos.c
+++ b/crypto/dso/dso_beos.c
@@ -112,7 +112,7 @@ DSO_METHOD
Signed-off-by: Ruoyu lian...@ucweb.com
---
fips/aes/fips_aesavs.c | 1 +
fips/des/fips_desmovs.c | 1 +
fips/sha/fips_standalone_sha1.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c
index fecaf99..d979548 100644
---
Fixed on HEAD; will be part of post 1.0.2 release
commit 9aaa7be8d4be38c0a13a64a0a8cf6c4774c45a0f
Author: Nick Lewis nick.le...@usa.g4s.com
Date: Mon Aug 11 22:56:46 2014 -0400
PR 2580: dgst missing current SHA algorithms
Update the dgst.pod page to include SHA224...512 algorithms.
Update
already been fixed by some masked podman :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Tue, Aug 12, 2014 at 01:26:30AM +0200, John Foley via RT wrote:
The commit into 1.0.1 didn't include the changes to s3_lib.c. SRP is still
broken on this branch. Are there any plans to fix this?
Can you confirm that that commit from master fixes things for you?
On Aug 11, 2014, at
The first chunk in the s3_lib.c patch doesn't apply. But the second
chunk does (shown below). When applying this to 1.0.1 stable, it
appears to resolve the problem.
@@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
emask_k =
On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
The first chunk in the s3_lib.c patch doesn't apply. But the second
chunk does (shown below). When applying this to 1.0.1 stable, it
appears to resolve the problem.
@@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL
Fix will be in post -1.0.2 release. Here's the commit; used die because that
also works for interrupt signals
commit cde8ad1a28cec6a950eb61d2aca616795619c8e6
Author: nnpos...@users.sourceforge.net nnpos...@users.sourceforge.net
Date: Mon Aug 11 23:36:27 2014 -0400
PR 719: Configure not
If still desired, please open a new ticket with an updated patch; the config
script is now very different.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
Dunno who, dunno when, but someone did this fix already.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
This will be in a release after 1.0.2
commit 9aaa7be8d4be38c0a13a64a0a8cf6c4774c45a0f
Author: Nick Lewis nick.le...@usa.g4s.com
Date: Mon Aug 11 22:56:46 2014 -0400
PR 2580: dgst missing current SHA algorithms
Update the dgst.pod page to include SHA224...512 algorithms.
Update apps/progs.pl to
Seems like a Java issue. As a work-around, try using temp file for the
password.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
And, perhaps the least desireable fix: not going to fix 0.9.8
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
File corruption seems the cause. Can't reproduce the situation.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in the rsalz-monolith branch, to be release after 1.0.2 release.
You can see it here: https://github.com/akamai/openssl/tree/rsalz-monolith/apps
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
Fixed as shown; to be released post-1.0.2
commit bebbb11d132cc149f7713d6693703f8bfae10072
Author: Ingo Schwarze schwa...@usta.de
Date: Tue Aug 12 15:47:06 2014 -0400
RT3239: Extra comma in NAME lines of two manpages
In two OpenSSL manual pages, in the NAME section, the last word of the
name list
Can you take a look at http://rt.openssl.org/Ticket/Display.html?id=549
And let us know what you think?
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.memailto:rs...@jabber.me Twitter: RichSalz
This seems to be working as desired; the content is in the first part.
If you want empty content, a detached signature, use the -content flag.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
Heya!
I just discovered that there is no way to force OpenSSL SSL client to send
Certificate rercord if server hasn't sent CertificateRequest.
Would a patch that will this API hole be welcome? What API do you guys have
in mind?
Cheers,
Fedor.
[ Redirecting to openssl-users ]
On Wed, Aug 13, 2014 at 01:05:24AM +0400, Fedor Indutny wrote:
I just discovered that there is no way to force OpenSSL SSL client to send
Certificate record if server hasn't sent CertificateRequest.
That would be a TLS protocol violation.
Would a patch that
Viktor,
Despite being a protocol violation, it is accepted by the OpenSSL's server
implementation.
But I do see now that this is indeed covered by RFC 5246. Sorry, I have
missed that line in
the Client Certificate section.
On Wed, Aug 13, 2014 at 1:48 AM, Salz, Rich rs...@akamai.com wrote:
On 8/12/2014 6:06 PM, Viktor Dukhovni wrote:
On Tue, Aug 12, 2014 at 04:22:21PM -0400, Salz, Rich wrote:
Can you take a look at http://rt.openssl.org/Ticket/Display.html?id=549
And let us know what you think?
I contribute bits of code to MIT and Heimdal Kerberos and maintain
a Kerberos
On Tue, Aug 12, 2014 at 11:17:36PM -0400, Jeffrey Altman wrote:
The modern way to combine Kerberos with TLS is GSSAPI with channel
binding. The old crufty Kerberos support should be deleted from
master. No new features should be added to this code.
RFC 2712 is a Proposed Standard. I
Someone updated tsget to use the perl curl library, and the content-type is
fetched via a curl method, so this is already done. thanks.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
Old version, not enough information to reproduce.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Thanks but we're not going to do this; the ENV:: construct is documented and
putting a bogus field
by default doesn't seem like a good idea.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
Who is this frodo guy? :)
Fixed in post-1.0.2
commit 690a2b1fa2c8a7dba0be84dfc052d86b864bedc3
Author: Matt Caswell fr...@baggins.org
Date: Wed Aug 13 00:28:03 2014 -0400
RT1665: Fix podpath to get xref's right
In Makefile, when build manpages, put the current directory
at the start of the
29 matches
Mail list logo
